Cisco Issues a Patch to Fix a Critical Bug in Unified CCMP and Unified CCDM


Cisco Systems released security updates to address a critical vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM). The flaw could allow remote attackers to gain control over the affected systems.

Tracked as CVE-2022-20658, the vulnerability has been rated 9.6 in severity on the CVSS scoring system, and concerns a privilege escalation flaw arising out of a lack of server-side validation of user permissions that could be weaponized to create rogue Administrator accounts by submitting a crafted HTTP request.

“With these accounts, the attacker could access and modify telephony and user resources across all the Unified platforms that are associated to the vulnerable Cisco Unified CCMP,” Cisco noted in an advisory published this week. “To successfully exploit this vulnerability, an attacker would need valid Advanced User credentials.”

Unified CCMP and Unified CCDM product versions 12.5.1, 12.0.1, and 11.6.1 and earlier running with default configuration are impacted, the networking equipment company said, adding it found the issue as part of a Technical Assistance Center (TAC) support case. Version 12.6.1 of the software is not affected.

While there is no evidence that the security flaw has been exploited in real-world attacks, it’s recommended that users upgrade to the latest version to mitigate the risk associated with the flaw.

David
Hackarizona